Electronic device tracking or verification

Embodiments discussed herein generally relate to processes for secure identification, authentication, tracking, control, security, or tamper detection of electronic devices. Embodiments can be used in supply chains or other areas of an electronic device life cycle.

Prior electronic device tracking includes auditing of assets. In such auditing, an external mark, typically including some globally unique indicia (e.g., a number or other series of characters, a quick response (QR) code, or the like), is applied to an external, easily accessible portion of the electronic device. A database indexing the device relative to the globally unique indicia is then accessed to determine a history of the device. These auditing systems are easily fooled, as the globally unique indicia can be removed, placed on another device, copied and placed on another electronic device, or the like. This makes these auditing systems insecure and inaccurate for many applications and settings.

There is also a popular method of embedding a hard coded identifier, like deoxyribonucleic acid (DNA), that can be read and verified by the user. An issue with such a technique is that it is easy to clone or simply generate a new bogus identifier. In some instances, the identifier is implemented in the metal layers of the device and the identifier is fixed. Some identifiers are implemented as one time programmable fuses that are set during wafer testing or device testing. Once set the identifier is always present and readable (therefore cloneable).

Embodiments discussed herein generally relate to processes for secure identification, authentication, tracking, control, security, or tamper detection of electronic devices. Embodiments can be applied in multiple portions of the life cycle of these devices. Device “fingerprints” from prior life cycle process steps can be authenticated at a later stage, such as to verify device authenticity and attestation or otherwise reaffirm that the device is the same device as expected. Unique digital signatures can testify to process and control steps as well as to provide accountability, audit, or forensics.

Embodiments can combine strong physical unclonable function (PUF) technology with a protocol to create a unified approach to provide secure identification, authentication, tracking, tamper detection, or control of electronic devices. Embodiments can combine specific cryptographic protocols for integrity, and signing to create cryptographic keys (e.g., in the form of hashes of responses), ledgers, and other instruments that are securely and irrefutably bound to specific individual electronic devices. Embodiments can provide means to generate keys and certificates to bind. Embodiments can provide a specified process and protocols for life-cycle operations to facilitate a consistent process for tracking and use of electronic devices from manufacture to decommission of the electronic devices.

No standard approach currently exists for secure identification, authentication, tracking, and control of trusted electronic processing devices within supply chains or other portion of the life cycle of these electronic processing devices. Further, no known approach exists for secure field deployment of documents and objects such as new baselines of software and firmware that are securely bound to those specific individual electronic devices or systems using those devices.

PUF technology provides a hardware-grounded cryptographic primitive. Using PUF, one can derive a cryptographic entropy and keys from an electronic device, such as by using statistical processing. One can use a large number of independent PUF measurements whose values are derived from real-valued device behavioral characteristics that vary due to natural manufacturing process as input to a cryptographic entropy or key generation technique.

Electronic devices are increasingly unclonable, since they are fabricated to produce higher performance at increased frequencies with smaller geometries and at lower voltages. This makes it increasingly difficult to produce devices that are acceptably “identical.” When enough measurements of a large number of independent parameters are taken, at sufficient precision, a problem of producing a second copy of device that produces the same measurements becomes increasingly intractable.

PUFs can be generally characterized as being either weak or strong PUFs. A weak PUF has a fixed limited number (typically one) of challenges per PUF instance. The weak PUF can be designed to restrict access or observability of responses such as to provide a more secure weak PUF. A strong PUF, in contrast, is typified by a more complex challenge-response behavior derived from a complex physical structure of the PUF. Typically, many physical components are involved in the generation of a response, and there is a very large number of possible challenges that can be applied to the strong PUF. PUF helper data, such as raw underlying physically observed phenomena, does not correspond to an idealized deterministic output without statistical manipulation. Furthermore, nondeterministic influences including environmental noise, supply voltages, temperature, or the like can be compensated for in order to produce statistically invariant and reproducible values. The pairing of a strong PUF challenge to the associated result is referred to as a challenge response pair (CRP). Strong PUFs have a nearly exponentially large CRP value space.

The security of strong PUFs does not rely on the security of the challenge-response interface, while a weak PUF does rely on the security of the challenge-response interface. The strong PUFs cannot be attacked by a full read-out of CRPs even if an adversary possesses the PUF for a long time.

In general, strong PUFs can be used for creating fingerprints of individual electronic devices, can appropriately be used to irrefutably authenticate that a device is the same as that device as originally manufactured, and can be used to irrefutably determine that no other device can be associated with a set of CRPs obtained in the validation process. Data and metadata can be securely bound to a specific device based on the use of a strong PUF. A PUF combined with a classification function can be used to create a “fingerprint” recorded, serialized, and tracked through a database for supply chain. A strong PUF can be used to help provide a complete supply chain and whole life use process that explains how to efficiently and effectively combine the use of PUFs for identification, authentication, and tracking with a set of procedural cryptographic techniques and tools to create a complete “cradle to grave” process that provides the additive capabilities for a) transfer of control from performer-to-performer or supplier-to-customer, b) sequential registration, time stamping, signing, recording, logging, and record transfer of transactions and transaction logs or ledgers for process performers, process actions events, locations, etc.

Embodiments can include an electronic device fingerprint approach and process for secure identification, authentication, tracking, tamper detection, and control of electronic processing devices within supply chains or moreover during the whole life cycle use for these devices. Embodiments can use an arbitrary number of CRPs derived from individual electronic processing devices. The CRPs can be created at any powered life cycle operation/step and then used by the step owner to provide proof-of-service-step performance and authenticity to down-stream consumers or users. CRPs can include a strong PUF derived cryptographic values that are bound to the corresponding electronic device. The CRPs can be used to bind information and objects to those individual electronic devices in a secure and irrefutable manner.

A CRP from a prior life cycle process step can be authenticated at a follow-on stage where device authenticity is screened or otherwise reaffirmed by verifying the response of the challenge defined by the CRP. CRPs and signatures can be used to testify to authenticity at each process step. Digital signatures of the CRPs can be used to testify to process and control steps as well as to provide accountability, audit, tamper detection, and other forensics. Cryptographic certificates with CRP signatures can be used to bind values and objects to specific devices in an unforgeable and irrefutable manner. Appendable transcripts or ledgers can be securely bound by CRPs to the devices to provide auditable chain-of-control logs as well as records of prior device/system history, etc.

Embodiments can use cryptographic techniques and instruments, such as a Merkle tree, a block chain ledger, or a combination thereof, to record process transactions which are securely bound to the specific devices or assemblies and systems that incorporate those electronic devices. Embodiments provide processes for transfer of control procedures securely bound to those specific devices or assemblies and systems that incorporate those devices

illustrates, by way of example, a diagram of an embodiment of systemfor generating a hash of a responsefor a device under test (DUT). The hash of the responsecan be used as a cryptographic verification. The DUT is an electronic device or a component of the electronic device. The systemincludes a challenge and response pairs. A challengefor the DUTcan be selected or retrieved, such as randomly or strategically, by the test device. The challengeis an electrical stimulus to be applied to the DUTso as to elicit a response. The responseis a characteristic reaction of the DUTand only the DUT. The responseis globally unique to the DUTdue to manufacturing variation. The challengeis the PUF and the responseis the output of the PUF. The responseis hashed, by a hash operator, to generate the hash of the response. The hash of the responsecan be stored in the memoryand associated with the challenge. The hash of the responseis unique to the DUT because the responseis unique to the DUT. The hash of the responsecan be used to verify the identity of the DUT, determine whether the DUThas been tampered with, determine whether the DUThas degraded is otherwise defective or damaged, update the DUT, encrypt or decrypt a communication, or the like. The hash of the responsecan be chained together in a tree of hashes of the responses associated with the DUTso as to verify that the components of the DUTare as expected.

The hash of the responsecan be stored, along with the corresponding challenge, a device identification (a number uniquely identifying the electronic device), one or more characteristics of the electronic device (e.g., a make of the electronic device, a model of the electronic device, a date or year manufactured, software or firmware installed on the electronic device), as an enrollment record in the memory.

The challengescomprise define electrical stimulus inputs that are provided to the DUT. The electrical stimulus can include a singular or pattern of voltages, currents, powers, or frequencies (e.g., a range of voltages, currents, power, and/or frequencies) provided to the DUTand a location for the electrical stimulus. The responseof the DUTcan include a power consumption, a voltage, current, power or frequency (e.g., a range of voltages, currents, power, or frequencies), temperature, signal timing, a signal to noise ratio (SNR), a radio frequency (RF) pattern, such as an RF pattern of a signal created by the component or an RF interference pattern of the component. The responsecan be measured by monitoring a voltage and/or current, sensing a temperature, detecting an RF radiation pattern, and/or using the measured data to calculate a parameter, such as SNR, power, propagation delay, or other parameter. In some embodiments, the challenge or response can include an electrical and/or frequency based signal leakage.

In one or more embodiments, circuit probes can be set up to provide the challengeto the test deviceexternal to the DUTbeing monitored, and the test devicecan determine the response based on the probes. In other embodiments the responsecan be measured internally by the DUTitself. The signals to be monitored can include inputs and/or outputs from one or more traces, pads, vias, or other component nodes, and/or signals from one or more sensors, such as an ohm meter, a current meter, a voltage meter, a temperature probe, a microphone, chemical sensor, magnetometer, accelerometer, gyroscope, capacitance sensor, position sensor, optical sensor, pressure sensor, force sensor, proximity sensor, or other sensor.

Using the system, the enrollment database can be populated with enrollment records that contain challengesand associated strong PUF responsesfor the DUT. The enrollment record can be generated at one or more stages of an electronic device's life cycle. Examples of life cycle stages include DUTfabrication, packaging, electrical testing, supplier receiving the DUT, consumer receiving the DUT, operation of the DUT, among others.

The hash operatorimplements a keyed or an unkeyed cryptographic hash function. Example hash functions that can be implemented by the hash operator include BLAKE, SHA, RIPE, MD, or the like.

illustrates, by way of example, a diagram of embodiment of a verification tree. The DUTcan be broken down into components, assemblies, and a system. A system is a combination assemblies or components. An assembly is a combination of components. Components are individual electric or electronic components such as resistors, transistors, capacitors, diodes, inductors, amplifiers, switches, multiplexers, logic gates, dies, or the like. An assembly can include a package of components, a circuit board with multiple components, or the like. The system is the final product that is delivered. One or more the components, assemblies, or system as a whole, can be tested, such as by using the system. Example systems and assemblies include field programmable gate arrays (FPGAs), central processing units (CPUs), graphics processing units (GPUs), systems on chips (SoCs), microcontroller unit (MCU), or the like. The responses of the components, assemblies, system, or a combination thereof, can be individually hashed and organized into the verification tree. The verification treeis thus a collection of hashed responsesor challenge and hashed response pairs. The hashed responsesare thus sometimes used in a same manner as a public key or an initialization vector.

The verification treeillustrated inincludes hashed responsesfrom three components, two assemblies, and a system. The three components and two assemblies are organized into the system. In the verification treethe leaves are formed by the hashed responsesfrom each of the components, assemblies, and system. That is, the hashed responsesfrom the components, assemblies, and the system are all on the same level of the verification treein the example of. Each of the nodes of the verification treeis a hash of multiple hash values. In the verification tree, the nodes are the ellipses with H(level, index) indicia.

Consider a use case in which a user wishes to verify that the component, assembly, or system is the precise one that was indicated as being delivered. During manufacturing, assembly, or distribution, an operator can record the challenge response pairsfor the component (see). The operator can provide the challengesfor the component that were performed during manufacturing to a future user. Then the user can retrieve the challenges for the component, such as by accessing the enrollment database or accessing a local record of the challenges. The user can then apply the challenges to the component and hash the corresponding responses. The hashed responses can be combined by further hashing the hashed responses to ultimately determine H(2,0). If H(2,0) matches the same value in the enrolment record, it is guaranteed that the component is indeed the same component that was installed during manufacturing. If any hash value in the verification treedoes not match what was recorded in the enrollment record, a component, assembly, or system is defective, fraudulent, or otherwise not operating in the manner expected. The verification treecan thus be used to verify individual components, the system, the assembly, individually or in combination.

illustrates, by way of example, a portion of the verification treebroken into three components,,, and an assembly. In the example of, the three components,,are dies and the assemblyis a multi-die device or package. The individual verification trees,,,represent subsets of the system level verification tree. Each of the individual verification trees,,,can be used to help verify that the components,,and the assemblyare the same as what was recorded in manufacturing, distribution, operation, or the like. The individual verification trees,,,can be assembled into the system level verification treeby hashing root nodes of the individual verification trees,,,together to form another node of the system level verification tree.

Any of the verification trees,,,,and corresponding challenges can be provided to a next entity in a supply chain. The verification trees,,,,can be used to verify the authenticity of the component, assembly, system, or the like associated therewith. The verification trees can indicate when a component is incorrect, a system is tampered with, or the like. An entity that receives the challenges can regenerate the verification tree based on the challenges and verify whether the regenerated verification tree matches the verification tree,,,,provided with the component, assembly, system, or the like.

illustrates, by way of example, a diagram of an embodiment of a systemfor command and control. The systemcan leverage the hash of the response(see) for secure communication between an operator devicedevice and corresponding tactical devices,,. The operator devicecan encrypt a communication in a manner in which the communication can be decrypted using the hash of the response. The operator devicecan broadcast the communication to multiple devices,,along with the challenge. The devices,,implement the challengeon themselves to produce a response. The devices,,can then hash their respective responses and attempt to decrypt the communication. The device,,for which the communication is intended will generate the hash of the responseand be able to decrypt the communication. The device,,for which the communication is not intended will not be able to generate the hash of the responseor decrypt the communication. The systemthus provides a cryptographic system for which keys do not need to be shared. Rather, in the system, the responses are inherent to the electronics of the devices,,by way of strong PUFs.

To communicate with each of the devices,,, the operatorfirst enrolls each of the devices,,and records their measured responses. Operator devicecan, during operation/verification issue a challenge to each of the devices,,and simultaneously use the enrolled data to pre-calculate the expected key that each device will generate. Therefore the operatorcan establish encrypted communication to each device,,. The operator devicewould then have three unique keys, one for each device. The operator devicecan include communications circuitry, such as a transmitter, receiver, or transceiver configured to generate the communications to the devices,,or receive communications from the devices,,.

illustrates, by way of example, a diagram of an embodiment of a block chain enrollment recordfor a component, assembly, system, device, or other electric or electronic device. The recordincludes sequential blocks,. Each of the sequential blocks,records challenge and hashed response data for a given electric or electronic device in block data. The challenge and hashed response data can be stored in the block data. The block datacan include verification trees with the challenge and hashed response pairs. The block datacan be encrypted with a key that is a hashed response value. This makes it so that only an entity in possession of a genuine device can navigate the block chain.

Each of the sequential blocks,also includes a block header. The block headercan be used to verify that the enrollment record has not been altered. A hash of a previous block headercan be used to verify that the block is not altered. For example, the hash of the previous block header in the blockcan be used to verify the information in the block. A timestampindicates a time at which the block was added to the blockchain. A noncecan be used to help indicate that an entity accessing the block chain is not malicious, such as by preventing block replay. A hash of block dataindicates a value stored in a root node (sometimes called a root key value) of a verification tree for the device associated with the block data. In, each of the nodes above the first level of nodes (the first level of nodes are the nodes labeled H(1,X) where X is an integer). Thus, each of the nodes H(Y,X), where Y>1 are root nodes. If the block datacorresponds to component 1, the hash of block datacan store the value of the node H(2,0).

illustrates, by way of example, a flow diagram of an embodiment of a techniquefor securely performing system upgrades. The techniqueas illustrated includes enrolling an electronic device in the system upgrade process, at operation. Enrolling the electronic device includes recording challenge and hash of response pairs for the electronic device in the block chain record(see), for example. The challenge and response pairs act as cryptographic keys for the electronic device.

The techniqueas illustrated includes authenticating the electronic device at operation. Authenticating can include decrypting a payload using hashed responses (or hashes of combinations of the hashed responses, etc.). The payload is verified if it is accurately decrypted.

At operation, the payload can be deployed on the electronic device to update the electronic device.

Upgrading or updating a component can result in branching of the block chain(see). The replacement/upgraded/updated component can be legitimate, however it would have a different response than the original device, hence creating a new block in the block chain and therefore branching from the baseline. Note that changing out a component can alter a response of a challenge and response pair. The electronic device can encrypt a communication that indicates changes to a response of a challenge and response pair using a same or similar key as was used to encrypt the payload. Then the communication can be decrypted by an enrollment manager. The enrollment manager can then update the response value associated with the challenge responsive to verifying the communication.

illustrates, by way of example, a diagram of an embodiment of systemfor generating a hash of a responsefor a bio-organism. The systemis similar to the systemofwith the systemincluding a bio-organismin place of the DUT. Similar to the system, the hash of the responsefrom the bio-organismcan be used as a cryptographic verification.

The systemcan enroll the bio-organismby collecting specific individual bio features, such as eye retina scan, fingerprint scan, voice scan, or the like. The strong PUF concept can be applied to the bio-organismby providing bio-organism with stimulus (challenge) and collect the responses to the stimulus. An example of stimulus includes a picture. The response to the stimulus can be collected. A combination of individual bio features and stimulus responses can be used to authenticate the bio-organismin a manner similar to that used to authenticate the DUT(see).

The bio-organismis an animal, plant, fungi, protist, bacteria, archaea, or the like. The systemincludes challenge and hashed response pairs. A challengefor the bio-organismcan be selected or retrieved, such as randomly or strategically, by the test device. The challengeis an electrical, optical, chemical, mechanical or other stimulus to be applied to the bio-organism so as to elicit a response. The responseis a characteristic reaction of the bio-organismand only the bio-organism. The responseis globally unique to the bio-organismdue to growth variation/preference/bias. The challengeis the PUF and the responseis the output of the PUF. The responseis hashed, by a hash operator, to generate the hash of the response. The hash of the responsecan be stored in the memoryand associated with the challenge. The hash of the responseis unique to the bio-organismbecause the responseis unique to the bio-organism. The hash of the responsecan be used to verify the identity of the bio-organism, determine whether the bio-organismhas been tampered with, determine whether the bio-organismhas degraded is otherwise defective or damaged, encrypt or decrypt a communication, or the like. The hash of the responsecan be chained together in a tree of hashes of the responses associated with the bio-organismso as to verify that the bio-organismis as expected.

Example challengesin the example of verifying a human bio-organism an image presentation, a sound presentation, or the like while performing a retina scan, recording voice, or the like. Another example challenge is a fingerprint. The hashed responses, similar to what can be performed with the DUT(see) can form a verification tree. Only the bio-organismthat enrolled to generate the tree will be able to verify and attest that they are the bio-organism.

illustrates, by way of example, a diagram of an embodiment of a methodfor securing a supply chain of a component, assembly, system, or the like that includes strong PUFs. The methodas illustrated includes identifying (i) respective challenges indicating respective stimuli and (ii) a root node hash value, at operation; generating the respective stimuli, at operation; recording respective responses to the respective electrical stimuli, at operation; hashing the respective responses resulting in respective hashed responses, at operation; hashing a combination of hashed responses of the respective hashed responses resulting in a key, at operation; and comparing the key to the root node hash value, at operation.

The respective challenges, and the root node hash value can be stored in a blockchain. A block of the blockchain can include the root node hash value stored in a header. The block of the blockchain can include the respective challenges and hashes of the respective responses in block data. The block data can be encrypted using a respective hashed response of the hashed responses.

The methodcan further include issuing a communication with a payload encrypted based on the root node hash value. The communication can be broadcast. The communication can further include the respective challenges. The methodcan further include identifying that the electronic device is not authentic based on determining the root node hash value does not match the key.

illustrates, by way of example, a block diagram of an embodiment of a machineon which one or more of the methods as discussed herein can be implemented. The machinecan include a computing device instantiated as a compute device or server. One or more of the memory, test device, DUT, hash operator, component,,, assembly, operator device, device,,, technique, system, method, or the like can include or be implemented using one or more of the items of the machine. In alternative embodiments, the machineoperates as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the machinemay operate in the capacity to monitor multiple components and circuits and may operate as a server or a client machine in server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.

The example machineincludes a processor(e.g., a central processing unit (CPU), a graphics processing unit (GPU) or both), a main memoryand a static memory, which communicate with each other via a bus. The machinemay further include a video display unit(e.g., a liquid crystal display (LCD), light emitting diode (LED), a cathode ray tube (CRT), or the like). The machinemay include an alphanumeric input device(e.g., a keyboard), a user interface (UI) navigation device(e.g., a mouse), a disk drive unit, a signal generation deviceand a network interface device.

The memory,,are examples of a storage device that can include instructions stored thereon that are executed by a machine, such as a processor or other processing circuitry, and can cause the machine to perform operations. The instructions and other information can be encrypted or otherwise protected by one or more security measures, such as to help protect the operational boundaries and other data stored thereon.

The disk drive unitincludes a machine-readable mediumon which is stored one or more sets of instructions and data structures (e.g., software)embodying or utilized by any one or more of the methodologies or functions described herein. The instructionsmay also reside, completely or at least partially, within the main memoryand/or within the processorduring execution thereof by the computer system, the main memoryand the processoralso constituting machine-readable media.

While the machine-readable mediumis shown in an example embodiment to be a single medium, the term “machine-readable medium” may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more instructions or data structures. The term “machine-readable medium” shall also be taken to include any tangible medium that is capable of storing, encoding or carrying instructions for execution by the machine and that can cause the machine to perform any one or more of the methodologies of the present disclosure, or that is capable of storing, encoding or carrying data structures utilized by or associated with such instructions. The term “machine-readable medium” shall accordingly be taken to include, but not be limited to, analog switches or circuits, solid-state memories, and optical and magnetic media. Specific examples of machine-readable media include non-volatile memory, including by way of example semiconductor memory devices, e.g., Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks.

The instructionsmay further be transmitted or received over a communications networkusing a transmission medium. The instructionsmay be transmitted using the network interface deviceand any one of a number of transfer protocols (e.g., File Transfer over TCP/IP, UDP, etc.). Examples of communication networks include a local area network (“LAN”) and wireless data networks (e.g., WiFi and WiMax networks). The term “transmission medium” shall be taken to include any intangible medium that is capable of storing, encoding or carrying instructions for execution by the machine, and includes digital or analog communications signals or other intangible media to facilitate communication of such software.

In various example embodiments, one or more computer systems (e.g., a standalone computer system, a client computer system, or a server computer system) or one or more hardware modules of a computer system (e.g., a processor or a group of processors) may be configured by software (e.g., an application or application portion) as a hardware module that operates to perform certain operations as described herein.

In some embodiments, a hardware module may be implemented mechanically, electronically, or any suitable combination thereof. For example, a hardware module may include dedicated circuitry or logic that is permanently configured to perform certain operations. For example, a hardware module may be a special-purpose processor, such as a Field-Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC). A hardware module may also include programmable logic or circuitry that is temporarily configured by software to perform certain operations. For example, a hardware module may include software executed by a general-purpose processor or other programmable processor. Once configured by such software, hardware modules become specific machines (or specific components of a machine) uniquely tailored to perform the configured functions and are no longer general-purpose processors. It will be appreciated that the decision to implement a hardware module mechanically, in dedicated and permanently configured circuitry, or in temporarily configured circuitry (e.g., configured by software) may be driven by cost and time considerations.

The various operations of example methods described herein may be performed, at least partially, by one or more processors that are temporarily configured (e.g., by software) or permanently configured to perform the relevant operations. Whether temporarily or permanently configured, such processors may constitute processor-implemented modules that operate to perform one or more operations or functions described herein. As used herein, “processor-implemented module” refers to a hardware module implemented using one or more processors.

Similarly, the methods described herein may be at least partially processor-implemented, with a particular processor or processors being an example of hardware. For example, at least some of the operations of a method may be performed by one or more processors or processor-implemented modules. Moreover, the one or more processors may also operate to support performance of the relevant operations in a “cloud computing” environment or as a “software as a service” (SaaS). For example, at least some of the operations may be performed by a group of computers (as examples of machines including processors), with these operations being accessible via a network (e.g., the Internet) and via one or more appropriate interfaces (e.g., an Application Program Interface (API)).